52

unbound-adblock

 5 years ago
source link: https://www.tuicool.com/articles/hit/fQbiqe2
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

About

Unbound-adblock is an easy to use network adblocker. It allows you to block online advertisements network wide and thus block ads on devices that otherwise don't support traditional browser-based adblockers such as uBlock Origin, Adblock Plus etc. I have found unbound-adblock to boost web browsing speed and increase battery life on mobile devices.

A nice side effect of the network adblocking is that there is no added CPU utilization on the client-side device for filtering out the ads, as all the heavy lifting is done by the DNS server. For devices with low resources, unbound-adblock has been a breath of fresh air.

Additionally, unbound-adblock blocks a large amount of online trackers, malware, fake sites, pop ups and other annoying garbage.

unbound-adblock works best when used in conjunction withpf-badhost

Prerequisites:

This isn’t your first rodeo and you’re somewhat comfortable navigating your way around a Unix system. This guide is basically copy and paste. I will assume the reader knows how to set up an unbound(8) DNS server.

This OpenBSD FAQ page gives a list of easy instructions for doing just that.

How To

• Create a new user (we’ll call ours “_adblock”)

<b> # adduser _adblock </b>

• Download and put unbound-adblock.sh into /usr/local/bin/

<b>
	$ ftp https://www.geoghegan.ca/scripts/unbound-adblock.sh
 	# mv unbound-adblock.sh /usr/local/bin/ 
	# chown root:bin /usr/local/bin/unbound-adblock.sh
	</b>

• Add line to /var/unbound/etc/unbound.conf at the end of the “server:” config options

<b>include: /var/unbound/etc/adblock.conf </b>

• Give _adblock strict doas permissions for the exact commands it needs to run as superuser

<b># vi /etc/doas.conf
      permit nopass _adblock cmd rcctl args reload unbound
      permit nopass _adblock cmd mv args /tmp/adblock.conf /var/unbound/etc/
	</b>

• Edit _adblock’s crontab to run unbound-adblock.sh every night at midnight

<b> # crontab -u _adblock -e
      @midnight 		/bin/sh /usr/local/bin/unbound-adblock.sh
	</b>

• Login as user _adblock and run script manually to parse and load the adblock ruleset

<b> # su _adblock </b>
<b> $ sh /usr/local/bin/unbound-adblock.sh 
   unbound(ok)
	</b>

• Restart unbound(8) for good measure

<b> # rcctl restart unbound </b>

• Additionally, adding a rule such as below to your router's pf.conf will help to block ads on Google devices such as Chromecasts and Youtube apps that are often hardcoded to use Google DNS

<b> # vi /etc/pf.conf
   pass out quick on egress from any to { 8.8.8.8 8.8.4.4 } rdr-to $adblock-server
	</b>

unbound-adblock should now be installed and blocking ads!

In case you need to just copy and paste the code for some reason, here is the contents of unbound-adblock.sh

<b>


# Copyright 2018 Jordan Geoghegan

# Permission to use, copy, modify, and/or distribute this software for any 
# purpose with or without fee is hereby granted, provided that the above 
# copyright notice and this permission notice appear in all copies.

# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH 
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 
# PERFORMANCE OF THIS SOFTWARE.

# Download and parse StevenBlack hosts file into unbound compatible format

mkdir /tmp/unbound-adblock
cd /tmp/unbound-adblock
ftp https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts && \
awk 'BEGIN { OFS = "" } NF == 2 && $1 == "0.0.0.0" { print "local-zone: \"", $2, "\" redirect"; print "local-data: \"", $2, " A 0.0.0.0\"" }' hosts > adblock.conf
mv /tmp/unbound-adblock/adblock.conf /tmp/adblock.conf
doas mv /tmp/adblock.conf /var/unbound/etc/
doas rcctl reload unbound

# Clean up after ourselves
rm -r /tmp/unbound-adblock


</b>

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK